Python: Add change-note

2026-04-29 02:35:15 +02:00 · 2021-10-08 12:06:18 +02:00
parent 5e6f042f6e
commit fd0c386a4c
1 changed files with 2 additions and 0 deletions
--- a/python/change-notes/2021-10-08-improve-pickle-dill-shelve-modeling.md
+++ b/python/change-notes/2021-10-08-improve-pickle-dill-shelve-modeling.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Improved modeling of decoding through pickle related functions (which can lead to code execution), resulting in additional sinks for the _Deserializing untrusted input_ query (`py/unsafe-deserialization`). Now we fully support `pickle.load`, `pickle.loads`, `pickle.Unpickler`, `marshal.load`, `marshal.loads`, `dill.load`, `dill.loads`, `shelve.open`.